CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

Database specific

{
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/0xxx/CVE-2025-0781.json"
}

References

Affected packages

Git / gitlab.com/flightgear/flightgear

Affected ranges

Type: GIT
Repo: https://gitlab.com/flightgear/flightgear
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ad37afce28083fad7f79467b3ffdead753584358

Affected versions

2.*

2.2.0-rc1

JSBSim/v1.*

JSBSim/v1.1.1

Other

last-automake

last-cvs

master-20100117

master-20100125

remove-ATCDCL

v2.*

v2.0.0

v2.0.0-bits

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

version/2.*

version/2.10.0

version/2.11.0

version/2.12.0

version/2.4.0

version/2.5.0

version/2.6.0

version/2.7.0

version/2.8.0

version/2.9.0

version/2016.*

version/2016.1.0

version/2016.1.1

version/2016.2.0

version/2016.2.1

version/2016.3.0

version/2016.3.1

version/2016.4.0

version/2016.4.1

version/2017.*

version/2017.1.0

version/2017.1.1

version/2017.2.0

version/2017.2.1

version/2017.3.0

version/2017.3.1

version/2017.4.0

version/2018.*

version/2018.1.1

version/2018.2.0

version/2018.2.1

version/2018.3.0

version/3.*

version/3.0.0

version/3.1.0

version/3.2.0

version/3.3.0

version/3.4.0

version/3.5.0

version/3.6.0

version/3.7.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "287558192824168312176891526790588496326",
                "225277196899202221484671989223216982661",
                "97977021556137033147410305547317865985",
                "15452191806764509888845595507775211228",
                "218372333113441929091944420501057161656",
                "197289599082844171290506947691576468269",
                "188572630938096942081350278361378026228",
                "82750131224663590802561524734000195216",
                "286647616246624700125669281790932041499",
                "20085596970029472661381297419955388801",
                "167393378517571835829488279623996957397",
                "112425518745368565899588644987679926978",
                "136792069286970499323062558466422699331",
                "271212504417626079067349643145180240459",
                "119113019396989550235112541028399600526",
                "292433013028081855349094781587969332439",
                "18377852305958671715945432507043452972",
                "119253018290270376766464903124617177530",
                "299115726733373068994629636046039861704",
                "322048486035876141469231256591019114767",
                "309149560221026940696098734283161745184",
                "295898540188440883117189237753632757596",
                "306296572503005881132392319214469943585"
            ]
        },
        "target": {
            "file": "src/Scripting/NasalSGPath.cxx"
        },
        "id": "CVE-2025-0781-1eb9661d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://gitlab.com/flightgear/flightgear@ad37afce28083fad7f79467b3ffdead753584358"
    },
    {
        "digest": {
            "function_hash": "281077675152790947644426163833833883594",
            "length": 474.0
        },
        "target": {
            "function": "checkIORules",
            "file": "src/Scripting/NasalSGPath.cxx"
        },
        "id": "CVE-2025-0781-4b74dda3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://gitlab.com/flightgear/flightgear@ad37afce28083fad7f79467b3ffdead753584358"
    },
    {
        "digest": {
            "function_hash": "61856522253849571751186914217369993848",
            "length": 165.0
        },
        "target": {
            "function": "validatedPathToNasal",
            "file": "src/Scripting/NasalSGPath.cxx"
        },
        "id": "CVE-2025-0781-9afb2afc",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://gitlab.com/flightgear/flightgear@ad37afce28083fad7f79467b3ffdead753584358"
    },
    {
        "digest": {
            "function_hash": "170458705050771857603730969025994986495",
            "length": 131.0
        },
        "target": {
            "function": "f_desktop",
            "file": "src/Scripting/NasalSGPath.cxx"
        },
        "id": "CVE-2025-0781-9e20b9d2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://gitlab.com/flightgear/flightgear@ad37afce28083fad7f79467b3ffdead753584358"
    }
]

Git / gitlab.com/flightgear/simgear

Affected ranges

Type: GIT
Repo: https://gitlab.com/flightgear/simgear
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5bb023647114267141a7610e8f1ca7d6f4f5a5a8

Affected versions

2.*

2.2.0-rc1

Other

AFTER_OPENAL_DOPPLER_WORKAROUND

BEFORE_OPENAL_DOPPLER_WORKAROUND

PRE_0_7_2_REORG

PRE_OSG_PLIB_BPOINT

RELEASE_0_0_11

RELEASE_0_0_12

RELEASE_0_0_13

RELEASE_0_0_14

RELEASE_0_0_15

RELEASE_0_0_16

RELEASE_0_0_17

RELEASE_0_0_18

RELEASE_0_0_19pre1

RELEASE_0_0_19pre2

RELEASE_0_0_6

RELEASE_0_0_7

RELEASE_0_2_0

RELEASE_0_3_0

RELEASE_0_3_1

RELEASE_0_3_10

RELEASE_0_3_2

RELEASE_0_3_3

RELEASE_0_3_4

RELEASE_0_3_4_pre1

RELEASE_0_3_5

RELEASE_0_3_5_pre1

RELEASE_0_3_5_pre2

RELEASE_0_3_6

RELEASE_0_3_7

RELEASE_0_3_8

RELEASE_0_3_9

RELEASE_0_57

RELEASE_0_58

RELEASE_0_59

RELEASE_0_6_0

RELEASE_0_6_1

RELEASE_0_6_2

RELEASE_0_7_0

RELEASE_0_7_1

RELEASE_0_7_2

RELEASE_0_7_3

Release-1999_05_01

SIMGEAR_1_9_0